Originally Posted by SenorFunkyPants
AIUI this vulnerability was created by an EU law that was introduced to ensure that cars could be fully serviced outside a dealer network. Essentially the functions of the OBD port has to be made available to all third party dealers to conduct diagnostics etc.
It may have been introduced, but it would have been relatively easy for BMW to have avoided this issue. Allowing the port to be active without a key present ONLY under dealership control/the shop in direct contact with BMW (much like the way Audi does it) or even allowing the OBD port to be disabled by the customer in iDrive/option to disable it when the ignition is off, etc.
This is an unintended consequence of the EU regulations, but one that should have been forseen. Any updates on whether BMW is actually "doing the right thing" for all cars involved? Does anyone know if LHD cars can be affected?